I am a novice when it comes to VPN configuration, with almost no experience configuring or tuning VPN settings. I have an existing working .ovpn file configuring a VPN connection within my organization's network.
I have a resource outside the organization's domain that needs to be accessed through the VPN. I know that I can add redirect-gateway def1 to my .ovpn file to redirect all traffic through the VPN. A colleague has this configuration working on their machine.
Reference manual for OpenVPN 2.4:
--redirect-gateway flags... Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN. This is a client-side option. This option performs three steps:
1. Create a static route for the --remote address which forwards to the pre-existing default gateway. This is done so that the third step will not create a routing loop.
2. Delete the default gateway route.
3. Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).
[…]
Option flags:
[…]
def1 -- Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway.
I don't love this option, as I would prefer to only have necessary traffic redirected over the VPN, not all outgoing IP traffic.
Is there a way to add only the additional domain to my .ovpn configuration file?
Example
To make it concrete, let's say I have the following working .ovpn file:
remote vpn.example.com 1194
proto udp
ns-cert-type server
client
dev tun
resolv-retry infinite
keepalive 10 120
nobind
comp-lzo
mssfix 1331
verb 3
## Certs etc. follow (omitted from example for brevity)
Let's say that I also want all traffic coming from the otherdomain.invalid domain to be redirected through the VPN (e.g. foo.otherdomain.invalid, bar.baz.otherdomain.invalid should be redirected through the VPN). What can I add to this file to achieve this?
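
The routing effect of the manual excerpt quoted in the question, as an added example that is not part of the original post: a longest-prefix-match simulation of --redirect-gateway with and without def1. The gateway addresses and the address assumed for vpn.example.com are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the post):
ORIG_GW = "192.168.1.1"      # pre-existing default gateway
VPN_GW = "10.8.0.1"          # VPN endpoint address
REMOTE_IP = "203.0.113.10"   # address vpn.example.com is assumed to resolve to


def base_table():
    """Routing table before OpenVPN changes it: only the default route."""
    return [(ipaddress.ip_network("0.0.0.0/0"), ORIG_GW)]


def apply_redirect_gateway(table, def1):
    """Apply the steps the manual lists for --redirect-gateway."""
    table = list(table)
    # Step 1: host route for --remote via the original gateway, so the
    # encrypted tunnel packets themselves do not loop back into the VPN.
    table.append((ipaddress.ip_network(REMOTE_IP + "/32"), ORIG_GW))
    if def1:
        # def1: keep 0.0.0.0/0 and add two more-specific halves instead.
        table.append((ipaddress.ip_network("0.0.0.0/1"), VPN_GW))
        table.append((ipaddress.ip_network("128.0.0.0/1"), VPN_GW))
    else:
        # Steps 2 and 3: delete the default route, then point it at the VPN.
        table = [(n, g) for n, g in table if n.prefixlen != 0]
        table.append((ipaddress.ip_network("0.0.0.0/0"), VPN_GW))
    return table


def next_hop(table, dest):
    """Pick the gateway by longest-prefix match, as route selection does."""
    addr = ipaddress.ip_address(dest)
    matches = [(n, g) for n, g in table if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def has_original_default(table):
    """True if the pre-existing 0.0.0.0/0 route is still in the table."""
    return (ipaddress.ip_network("0.0.0.0/0"), ORIG_GW) in table


if __name__ == "__main__":
    for def1 in (False, True):
        t = apply_redirect_gateway(base_table(), def1)
        print("def1" if def1 else "plain", next_hop(t, "198.51.100.7"),
              next_hop(t, REMOTE_IP), has_original_default(t))
```

With def1 the original default route stays in the table but never wins a lookup, because every destination matches one of the two /1 routes first; only the --remote host route still leaves through the original gateway.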